Cybercriminals Are Coming After Your Mobile Apps: Experts

We can thank the app economy for the boom in cyberattacks aimed at mobile devices, security experts said Tuesday at the CTIA Wireless conference in Las Vegas.

As Apple CEO Tim Cook told Congress on Tuesday, smartphone growth around the world has spurred the growth of an app economy worth billions of dollars, created jobs and sparked innovation. But it has also been the catalyst for a new wave of cybercrime targeted at mobile devices.

Cybercriminals are using mobile apps as a point of entry into smartphones and tablets. Once a user downloads the app, the phone is infected.

"Mobile malware, just a few years ago, was a curiosity," said Chris Doggett, senior vice president of corporate sales at the security firm Kaspersky Labs. "Mobile platforms, for a lot of hackers, represent a new, target-rich environment."

There were very few mobile malware cases between 2004 and 2010, Doggett said. In 2011, there were more than 6,000 cases, and the number jumped to more than 30,000 last year.

Open platforms, such as Google's Android OS, have a higher rate of malicious apps than closed platforms, like Apple's, because apps available for download via Android do not have to be approved, whereas Apple's apps must be screened.

By late 2012, Android's platform accounted for 94 percent of mobile malware threats, according to Kaspersky. Android accounts for 51 percent of the global smartphone market and Apple makes up 22 percent.

Just because apps made for the iPhone or iPad are screened doesn't necessarily mean that Apple's platform is completely invulnerable, Doggett said. Last summer, the company had its first case of a malicious app on its platform, with a few other cases since that Kaspersky is aware of, he added.

Other Mobile Threats

While apps are one of the easier routes to take in attacking users' mobile devices, simply logging onto a wireless network opens the door to threats. In more targeted instances, cybercriminals may take advantage of wireless connections to steal private information.

Chris Boyer, assistant vice president public policy at AT&T, said this method is used by cybercriminals aiming to cash in on personal information and a favorite tactic of nation-state attackers looking to breach government and corporate data and systems.

(Read More: Chinese Hackers Resume Attacks on US Targets )

"From a wireless perspective, a lot of the data is not encrypted, so the connections can easily be exploited," Doggett said.

But the wireless industry is working to firm that soft spot, Boyer said.

"With cybersecurity, it may seem like all doom and gloom, but the one thing that is positive is it's still in infancy. … That helps us get ahead of it," he said. "There is a big focus is on how we can prevent these attacks from happening."